Google Workspace
Configure Google Workspace for SSO with Parseable
Configure Google Workspace (formerly G Suite) for Parseable authentication.
Overview
Integrate Google Workspace with Parseable to:
- Google SSO - Use Google Workspace identities
- Domain Restriction - Limit access to your domain
- Simple Setup - Quick OAuth configuration
- Familiar Login - Users sign in with Google
Prerequisites
- Google Workspace account (or Google Cloud project)
- Admin access to Google Cloud Console
- Parseable instance with OIDC support
Google Cloud Configuration
Create OAuth Client
- Go to Google Cloud Console
- Select or create a project
- Go to APIs & Services → Credentials
- Click Create Credentials → OAuth client ID
Configure OAuth Consent Screen
If prompted, configure the consent screen:
- Go to OAuth consent screen
- Select Internal (for Workspace) or External
- Fill in:
- App name: Parseable
- User support email: Your email
- Developer contact: Your email
- Add scopes:
email,profile,openid - Click Save and Continue
Create Client ID
- Application type: Web application
- Name: Parseable
- Authorized redirect URIs:
https://your-parseable.com/callback - Click Create
- Copy Client ID and Client Secret
Parseable Configuration
Environment Variables
P_OIDC_CLIENT_ID=your-client-id.apps.googleusercontent.com
P_OIDC_CLIENT_SECRET=your-client-secret
P_OIDC_ISSUER=https://accounts.google.com
P_OIDC_REDIRECT_URI=https://your-parseable.com/callbackDocker Compose
version: '3.8'
services:
parseable:
image: parseable/parseable:latest
environment:
- P_OIDC_CLIENT_ID=${GOOGLE_CLIENT_ID}
- P_OIDC_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET}
- P_OIDC_ISSUER=https://accounts.google.com
- P_OIDC_REDIRECT_URI=https://your-parseable.com/callbackOIDC Endpoints
Google OIDC endpoints:
| Endpoint | URL |
|---|---|
| Issuer | https://accounts.google.com |
| Authorization | https://accounts.google.com/o/oauth2/v2/auth |
| Token | https://oauth2.googleapis.com/token |
| UserInfo | https://openidconnect.googleapis.com/v1/userinfo |
| JWKS | https://www.googleapis.com/oauth2/v3/certs |
Domain Restriction
Restrict access to your Google Workspace domain:
In Google Cloud Console
- Go to OAuth consent screen
- Set User type to Internal
- Only users in your Workspace domain can access
In Parseable (if supported)
Configure allowed domains in Parseable settings.
Best Practices
- Use Internal Type - For Workspace-only access
- Verify Domain - Add and verify your domain
- Limit Scopes - Request only needed permissions
- Monitor Usage - Check OAuth usage in Cloud Console
Troubleshooting
Access Blocked
- Verify OAuth consent screen is configured
- Check app is published (for external)
- Verify user is in allowed domain
Invalid Client
- Check client ID format (ends with
.apps.googleusercontent.com) - Verify client secret is correct
- Check redirect URI matches exactly
Next Steps
- Configure OAuth for other providers
- Set up RBAC in Parseable
- Review security best practices
Was this page helpful?